[WEB SECURITY] [Full-disclosure] CAT Version 1 Released - Web App Testing Tool

Andre Gironda andreg at gmail.com
Wed Aug 10 13:54:46 EDT 2011


On Tue, Aug 9, 2011 at 2:34 AM, Context IS - Disclosure
<disclosure at contextis.co.uk> wrote:
> Under native Windows, CAT will only use IE to render the HTML.  I can see your point as to why you might not want to use IE and I will look into adding in a Gecko rendering option for the next version.

I attempted to use both the Windows registry IsDefaultRenderer=1 entry
and 'X-UA-Compatible: chrome=1' header in every response, but still
could not change the rendering engine in CAT (latest version) from IE
to ChromeFrame.

However, CAT has a proxy. It does not, however, include the feature to
"show response in browser" as does Burp -- which would allow you to
switch between browsers to see if the XSS works in one versus another.

Cheers,
Andre




More information about the websecurity mailing list